Update homeserver.yaml with some new options we could enable

7 lat temu · ae912c4529
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -33,11 +33,6 @@ pid_file: /homeserver.pid
 #
 # cpu_affinity: 0xFFFFFFFF

 # The path to the web client which will be served at /_matrix/client/
 # if 'webclient' is configured under the 'listeners' configuration.
 #
 # web_client_location: "/path/to/web/root"

 # The public-facing base URL that clients use to access this HS
 # (not including _matrix/...). This is the same URL a user would
 # enter into the 'custom HS URL' field on their client. If you
@@ -64,6 +59,13 @@ use_presence: {{ matrix_synapse_use_presence|to_json }}
 # (except those sent by local server admins). The default is False.
 # block_non_admin_invites: True

 # Room searching
 #
 # If disabled, new messages will not be indexed for searching and users
 # will receive errors when searching for messages. Defaults to enabled.
 #
 # enable_search: false

 # Restrict federation to the following whitelist of domains.
 # N.B. we recommend also firewalling your federation listener to limit
 # inbound federation traffic as early as possible, rather than relying
@@ -137,8 +139,6 @@ federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_js
 #   static: static resources under synapse/static (/_matrix/static). (Mostly
 #       useful for 'fallback authentication'.)
 #
 #   webclient: A web client. Requires web_client_location to be set.
 #
 listeners:
 {% if matrix_synapse_metrics_enabled %}
  - type: metrics
@@ -192,41 +192,33 @@ listeners:
  #   bind_addresses: ['::1', '127.0.0.1']
  #   type: manhole

 # Homeserver blocking
 #

 ## Homeserver blocking ##

 # How to reach the server admin, used in ResourceLimitError
 # admin_contact: 'mailto:admin@server.com'
 #
 # Global block config
 #

 # Global blocking
 # hs_disabled: False
 # hs_disabled_message: 'Human readable reason for why the HS is blocked'
 # hs_disabled_limit_type: 'error code(str), to help clients decode reason'
 #

 # Monthly Active User Blocking
 #
 # Enables monthly active user checking
 # limit_usage_by_mau: False
 # max_mau_value: 50
 # mau_trial_days: 2
 #

 # If enabled, the metrics for the number of monthly active users will
 # be populated, however no one will be limited. If limit_usage_by_mau
 # is true, this is implied to be true.
 # mau_stats_only: False
 #

 # Sometimes the server admin will want to ensure certain accounts are
 # never blocked by mau checking. These accounts are specified here.
 #
 # mau_limit_reserved_threepids:
 # - medium: 'email'
 #   address: 'reserved_user@example.com'
 #
 # Room searching
 #
 # If disabled, new messages will not be indexed for searching and users
 # will receive errors when searching for messages. Defaults to enabled.
 # enable_search: true


 ## TLS ##
@@ -321,7 +313,8 @@ tls_fingerprints: []



 # Database configuration
 ## Database ##

 database:
  # The database engine name
  name: "psycopg2"
@@ -337,6 +330,7 @@ database:
 event_cache_size: "{{ matrix_synapse_event_cache_size }}"


 ## Logging ##

 # A yaml python logging config file
 log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config"
@@ -369,6 +363,15 @@ federation_rc_reject_limit: 50
 # single server
 federation_rc_concurrent: 3

 # Number of registration requests a client can send per second.
 # Defaults to 1/minute (0.17).
 # rc_registration_requests_per_second: 0.17

 # Number of registration requests a client can send before being
 # throttled.
 # Defaults to 3.
 # rc_registration_request_burst_count: 3.0



 # Directory where uploaded images and attachments are stored.
@@ -404,7 +407,7 @@ max_image_pixels: "32M"
 # from a precalculated list.
 dynamic_thumbnails: false

 # List of thumbnail to precalculate when an image is uploaded.
 # List of thumbnails to precalculate when an image is uploaded.
 thumbnail_sizes:
 - width: 32
  height: 32
@@ -494,7 +497,6 @@ max_spider_size: "10M"




 ## Captcha ##
 # See docs/CAPTCHA_SETUP for full details of configuring this.

@@ -510,13 +512,13 @@ recaptcha_private_key: "YOUR_PRIVATE_KEY"
 enable_registration_captcha: False

 # A secret key used to bypass the captcha test entirely.
 #captcha_bypass_secret: "YOUR_SECRET_HERE"
 # captcha_bypass_secret: "YOUR_SECRET_HERE"

 # The API endpoint to use for verifying m.login.recaptcha responses.
 recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
 recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"


 ## Turn ##
 ## TURN ##

 # The public URIs of the TURN server to give to clients
 turn_uris: {{ matrix_synapse_turn_uris|to_json }}
@@ -526,8 +528,8 @@ turn_shared_secret: {{ matrix_synapse_turn_shared_secret|to_json }}

 # The Username and password if the TURN server needs them and
 # does not use a token
 #turn_username: "TURNSERVER_USERNAME"
 #turn_password: "TURNSERVER_PASSWORD"
 # turn_username: "TURNSERVER_USERNAME"
 # turn_password: "TURNSERVER_PASSWORD"

 # How long generated TURN credentials last
 turn_user_lifetime: "1h"
@@ -541,6 +543,8 @@ turn_allow_guests: False


 ## Registration ##
 # Registration can be rate-limited using the parameters in the "Ratelimiting"
 # section of this file.

 # Enable registration for new users.
 enable_registration: {{ matrix_synapse_enable_registration|to_json }}
@@ -603,8 +607,6 @@ trusted_third_party_id_servers:

 # Users who register on this homeserver will automatically be joined
 # to these rooms
 #auto_join_rooms:
 #    - "#example:example.com"
 {% if matrix_synapse_auto_join_rooms|length > 0 %}
 auto_join_rooms:
 {{ matrix_synapse_auto_join_rooms|to_nice_yaml }}
@@ -624,6 +626,16 @@ autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms }}
 enable_metrics: {{ matrix_synapse_metrics_enabled }}
 report_stats: {{ matrix_synapse_report_stats|to_json }}

 # Enable sentry integration
 # NOTE: While attempts are made to ensure that the logs don't contain
 # any sensitive information, this cannot be guaranteed. By enabling
 # this option the sentry server may therefore receive sensitive
 # information, and it in turn may then diseminate sensitive information
 # through insecure notification channels if so configured.
 #
 # sentry:
 #    dsn: "..."


 ## API Configuration ##

@@ -689,7 +701,8 @@ perspectives:

 # Enable SAML2 for registration and login. Uses pysaml2.
 #
 # saml2_config:
 # `sp_config` is the configuration for the pysaml2 Service Provider.
 # See pysaml2 docs for format of config.
 #
 #   # The following is the configuration for the pysaml2 Service Provider.
 #   # See pysaml2 docs for format of config.
@@ -848,8 +861,8 @@ password_providers:
 # because it is loaded by the app. iPhone, however will send a
 # notification saying only that a message arrived and who it came from.
 #
 #push:
 #   include_content: true
 # push:
 #    include_content: true


 # spam_checker:
@@ -875,8 +888,8 @@ enable_group_creation: false
 # UPDATE user_directory_stream_pos SET stream_id = NULL;
 # on your database to tell it to rebuild the user_directory search indexes.
 #
 #user_directory:
 #   search_all_users: false
 # user_directory:
 #    search_all_users: false


 # User Consent configuration
@@ -955,12 +968,55 @@ enable_group_creation: false
 # on this server.
 #
 # The format of this option is a list of rules that contain globs that
 # match against user_id and the new alias (fully qualified with server
 # name). The action in the first rule that matches is taken, which can
 # currently either be "allow" or "deny".
 #
 # If no rules match the request is denied.
 alias_creation_rules:
    - user_id: "*"
      alias: "*"
      action: allow
 # match against user_id, room_id and the new alias (fully qualified with
 # server name). The action in the first rule that matches is taken,
 # which can currently either be "allow" or "deny".
 #
 # Missing user_id/room_id/alias fields default to "*".
 #
 # If no rules match the request is denied. An empty list means no one
 # can create aliases.
 #
 # Options for the rules include:
 #
 #   user_id: Matches against the creator of the alias
 #   alias: Matches against the alias being created
 #   room_id: Matches against the room ID the alias is being pointed at
 #   action: Whether to "allow" or "deny" the request if the rule matches
 #
 # The default is:
 #
 # alias_creation_rules:
 #   - user_id: "*"
 #     alias: "*"
 #     room_id: "*"
 #     action: allow

 # The `room_list_publication_rules` option controls who can publish and
 # which rooms can be published in the public room list.
 #
 # The format of this option is the same as that for
 # `alias_creation_rules`.
 #
 # If the room has one or more aliases associated with it, only one of
 # the aliases needs to match the alias rule. If there are no aliases
 # then only rules with `alias: *` match.
 #
 # If no rules match the request is denied. An empty list means no one
 # can publish rooms.
 #
 # Options for the rules include:
 #
 #   user_id: Matches against the creator of the alias
 #   room_id: Matches against the room ID being published
 #   alias: Matches against any current local or canonical aliases
 #            associated with the room
 #   action: Whether to "allow" or "deny" the request if the rule matches
 #
 # The default is:
 #
 # room_list_publication_rules:
 #   - user_id: "*"
 #     alias: "*"
 #     room_id: "*"
 #     action: allow